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Abstract 

Although less studied than purely action or state based logics, state/event based logics 
are becoming increasingly important. Some systems are best studied using structures 
with information on both states and transitions, and it is these structures over which 
state/event based logics are defined. The logic UCTL and its variants are perhaps the 
most widely studied and implemented of these logics to date. As yet, however, no-one 
seems to have defined UCTL*, a trivial step but a worthwhile one. Here we do just that, 
and define mappings that preserve truth between this logic and its more commonplace 
fragments CTL* and ACTL*. Also, acknowledging the importance of modal transition 
systems, we define a state/event based logic over a modified modal transition system as 
a precursor to further work. 

The future is to some extent, even if it is only a very small extent, something we can make for 
ourselves. - Arthur Prior 

1 Introduction 

We define the logic UCTL* over Kripke transition systems [TU], otherwise known as doubly labelled 
transition systems j3S. As suggested in [2J, our Kripke transition systems and labelled transition 
systems [S] carry sets of actions rather than just a single action on each transition, making mappings 
between these structures and Kripke structures simpler. We define ACTL* [5] and ACTlQover 
these structures. We make small changes to the action formulae of [2J to support sets of actions, 
bringing them in line with those of |12j . 

Inspired by [2J, we show some details of the proofs that the mappings between ACTL* and 
CTL* preserve truth and add mappings from UCTL* to both ACTL* and CTL*. In a similar vein 
we show some details of the proofs that the mappings between ACTL and CTL preserve truth and 
add mappings from UCTL 12] to both ACTL and CTL. 

We also briefly look at 3- valued logics. We define a variant of Kripke modal transition sys- 
tems [7. which again carries sets of actions on each transition rather than just a single action. In 
order to accomodate this change, we replace must and may transitions [11] with ! and ? modifiers 
on the actions. We define the 3-valued logic UPML, a variant of 3-valued PML [1 which includes 
features of 3-valued PML Act ©. 

2 Definitions for 2-valued logics 

We define the structures for 2-valued logics, some common concepts, and the syntax and semantics 
and these logics. In the case of labelled transition systems and Kripke transition systems, note 
that in the definitions which follow we limit the number of transitions between any two states in 
any one direction to at most one. 

Definition 2.1. A labelled transition system or LTS is a tuple (S,Act, — >) where: 

• S is a set of states ranged over by s, s 1 , Sq, Si, 

• Act is set of actions ranged over by a with a,cto,a.i, ... ranging over 2 Act , 

• — > C S x 2 Act x S is the transition relation with (sq, a, si) G — >, 



1 There is more than one logic given the name ACTL in the literature. The only one we refer to is the branching 
time logic for labelled transition systems proposed in [2], 



• For any two transitions, (s , &o, S\), (s , a.\, si) € — > a = ot\. 

Definition 2.2. A Kripke structure or KS is a tuple (S, — >, AP, C) where: 

• S is a set of states ranged over by s, s' , s , S\, 

• — ► C S x S is the transition relation with (s , Si) € — 

• is a set of atomic propositions ranged over by p, 

• L : S x AP — >{true, false} is an interpretation function that associates a value of true or 
false with each p e AP for each seS. 

Definition 2.3. A Kripke Transition System or KTS is a tuple (S,Act, — >,AP,C) where: 

• S is a set of states ranged over by s, s', s , s\, 

• Act is set of actions ranged over by a with a, chq, ot\, ... ranging over 2 Act , 

• — > CSx 2 Act x S is the transition relation with (sq, a, Si) € — >. 

• AP is a set of atomic propositions ranged over by p, 

• £ : S x AP — >{true, false} is an interpretation function that associates a value of true or 
false with each p € AP for each seS, 

• For any two transitions, (s , c*o> s i)> ( s 0> a i, s i) <= — ► => a o = a \- 

Note that since transitions carry sets of actions and not just one, there is no silent action r. Instead 
the empty set {} is considered silent. 

For convenience we overload L and define, for each s £ S, the function C(s) : AP — >{true, false} 
where £(s)(p) = C(s,p). The set {£(s) | s £ S} is ranged over by w, w ,^i, ••• and on occasion 
we write these functions in the form {p <— > true,...} rather than {(p, true), ...}. It is also useful 
to define, for some a G 2 Act and to e {£(s) \ s e S}, the transformations a' = {a i-> true \ a e 
a}U{(i4 false \ a ^ a} and to' — {p \ p true G w}. 

Paths are sequences of transitions where the final state of one transition equals the initial 
state of the next transition, if there is one. They are ranged over by a, a' and a". For a KS, 
a = (s ,si)(si,s 2 )... whereas a = (s , a , si)(si, ot\, s 2 )... for a KTS or LTS. Maximal paths are 
cither infinite or their last state has no outgoing transitions. For the set of maximal paths starting 
at state s we write npath(s). For the initial and final states of the first transition of a path a we 
write si ') an d (c)s, respectively. For a KTS or LTS, we write (a)j for the set of actions of the 
first transition of a path a. Usually we abbreviate these with sf , o~s and o~j, respectively. A suffix 
a' of a path a is such that o = a" a' for some possibly zero length path a" . A proper suffix a' of 
a path a is such that a = a" a' for some non-zero length path a". We write a < a' when a' is a 
suffix of a and a < a' when a' is a proper suffix of a. 

The part time logics ACTL" and UCTL" are introduced. Their path formulae will be redefined 
later in this section to form the logics ACTL and UCTL, respectively. In what follows <j> and <f/ 
are state formulae, 7r and n' are path formulae. 

Definition 2.4. The syntaxes of the logics CTL, CTL*, ACTL', ACTL*, UCTL~ and UCTL* 
are, with pleasing symmetry: 



CTL 

4> ■■= P | ^(f> | <p A 4>' | 3-7T 

TT ::= -mr \ X(f> \ <f> U<p' | <p W<j>' 

ACTL- 

4> ::= true \ ^<f> | <f> A 4>' \ 37r 

it ::= ^tt | Xcj) | X a (j) \<j>U<t>'\4> W<p' 

UCTL- 

4> ::= p | -xf> | 4> A 0' I 37r 

tt ::= -mr\ Xcf)\ X a <P \4>U<j)'\4> W<j>' 



CTL* 

4> ..— p | -^4> I 4> a 4>' | 37r 

7T ::= <j) | ^7T | TT A 7r' I A7T | TT Utt' 

ACTL* 

<t> ::— true \ ^<j) \ (f> A <f>' \ 3tt 

TT "= <j) | ^7T | TT A 7r' I A7T | A a 7T | 7T Utt' 

UCTL* 

(/) ::— p | -^4> | A (f>' | 3-7T 

7T ::= | ^7T | 7T A TT 1 \ XlT \ X a TT \ TT Utt' 



Note that for CTL, ACTL", and UCTL", only (f> contributes to the formulae. For CTL*, ACTL* 
and UCTL*, both cj> and tt contribute to the formulae. 
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Definition 2.5. The semantics of CTL and CTL* are defined over Kripke structures, KS; ACTL 
and ACTL* over labelled transition systems, LTS; and UCTL and UCTL* over Kripke transition 
systems, KTS. Specifically: 

For CTL, CTL*, ACTL, ACTL*, UCTL and UCTL*: 

• s\= ^4> iff sty (/), 

• s\=4>r\(j}'iffs\=(j) and s \= <fi' , 

• s \= 3tt iff 3a G [ipath(s) : a \= tt. 

For CTL, CTL*, UCTL~ and UCTL*: 

• s \= P iff £( s )(p) — true. 

For CTL, CTL*, ACTL, ACTL*, UCTL and UCTL*: 

• cr |= -nir iff a ty tt. 

For CTL, ACTL- and UCTL~: 

• a ty X4> iff a s h 4>- 
For ACTL' and UCTL~ : 

• a \= X a (j) iff as \= 4> and a G aj. 
For CTL*: 

• a \= Xtt iff 3s, s', a" : a = (s, s')a" , a" \= tt. 
For ACTL* and UCTL*: 

• a (= Xtt iff 3(s, a, s')a" : a = (s, a, s')a" , a" \= tt. 

• a \= X a n iff 3(s, a, s')a" : a G a, a = (s, a, s')a" , a" \= tt. 

For CTL*, ACTL* and UCTL*: 

• o- \= <j> iff so- \= <j>, 

• a \= tt A 7r' iff a ty tt and a' \= tt' , 

• a \= tt Utt' iff3a' > a : a' |= tt' ,\fa" : a sC a" < a' : a" \= tt. 
For CTL, ACTL- and UCTL~: 

• a \= 4> U<t>' iff 3a' > a : s a' |= <// ,Va" : a sC a" < a' : s cr" h <P 

• a\=<f> W4>' iffa\=<f> U(p' or Ma" ^ a : s cr" |= <t>. 

The V operator is defined in the usual fashion as V-zr = ^3^tt where appropriate. 
Definition 2.6. Action formulae have the following syntax: 

X ■= t I a | I X A x' 

Definition 2.7. Action formulae have the following semantics: 

• cttyr iff a = {}, 

• a |= a iff a G a, 

• aty iff aty X, 

• Oi h X A x' iff a h X and a \= \' ■ 

For ACTL* and UCTL* we derive the following operators: 

X x TT = \f{/\X a TT\ae2 Ac \aty X } 

tt x U x >tt' — (tt A X x true) U (tt A X x >tt') 
tt x W x >tt' = (tt x U x >tt') V (tt X U false) 

These definitions cannot be applied to ACTL and UCTL. Instead we define the syntax and seman- 
tics of the logics to include them. 
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Definition 2.8. The syntax of the path formulae for ACTL and UCTL is: 

7r::=X x 0|0 x t/ x ^'|0 x WW 

Definition 2.9. The semantics of the path formulae for ACTL and UCTL are: 
• cr |= X x <p iff a — o' a" with a ' T \= x an d o~' s \= <f>. 

. a h 4> X U X >4>' iff^o-' >ct: s a'\=(f>,a^ (= X ',°'s H ^,V<r s$ a" < o' : s^" h <Mt H X- 
. a h ^x^W ^ N 0x^W orW" > o : so" M.°t 1= X- 

Note that the W operator did not make it into the definition of ACTL in [2] . We introduce it here 
to bring the definition of ACTL into line with that of UCTL. 



3 Mappings for 2-valued logics 

We define mappings between ACTL* and CTL* in both directions and show some details of the 
proofs that they preserve truth. We then devise similar mappings from UCTL* to CTL* and 
ACTL*. We define mappings between ACTL and CTL in both directions and again show some 
details of the proofs that they preserve truth. And again we devise similar mappings from UCTL 
to CTL and ACTL. 

In what follows, F is a fresh atomic proposition. Where convenient, for some ui' we write C(s)' 
where u = C(s). For convenience we also define {F}' = {F H> true} U {p H> false | p € AP} and 
{F}' Uw' = {Fh true} U J . 

{F}' 

»1 




■ o a' 

(»o>*i) 



so 

Wo 



4 IF) - 



-o {} 



{F}' 




(c) (d) 
Figure 1: Mappings for 2-valued logics 

3.1 ks, a mapping from ACTL* to CTL* 

Let (S, Act, — >) be an LTS. The KS (S', — >',AP',C) is defined: 

• S> = 5U{(s ,si) | («o,si) e — >}, 

• AP' = Act U {F}, 

• V(s ,a, si) £ — ► : (s ,(s ,si)) € — >' and ((s , Si), Si) € — >' , 

• Vs G S* : £'(«) = {F}', 

• V(s , a, St) S — ► : £'((s , si)) = a'. 

ks{true) = true fcs(^7r) = ^ks{i:) 

ks(^(p) = -iks(<p) ks(ir A 7r') = fcs(7r) A fcs(7r') 

fc«(^ A 0') = fcs(0) A fcs(0') /cs(Xtt) = AA(fcs(7r)) 

/cs(3tt) = 3/ss(tt) ks(X a 7r) — Xa A AA(fcs(7r)) 

fcs(7r LV) = (F => ks(Tr))U(F A fcs(Tr')) 
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Figure [Tfa) shows the construction. 

Theorem 3.1. Let L be an LTS with a a path in L and <j) an ACTL* formula, then the mapping 
ks preserves truth, that is L,o~ |= <f> if and only if ks(L), ks(a) \= ks((j)). 

Proof. The proof is by induction on the length of the formula. Suppose <p, cf>' , 7r, n' are all ACTL* 
formulae. We use the abbreviations Lk s — ks(L), — ks(4>) and so on. The proof that L.a \= 
7r Un' if and only if Lk s ,o~k s \= (F =>• Ttks)U(F A 7rJ, s ) is given. By definition, 3a' ^ a : L,a' \= 
n' ,y<7 ^ a" ^ a' : L, a" |= ir. By the induction hypothesis, L, a' |= 7r' if and only if Lk s , o~' ks \= Tr' ks 
and additionally, since Lk s ,a' ks \= F by construction L,a' |= ir' if and only if Lk s ,a' ks \= F A 7rJ. s . 
Now consider er fes ^ a' ks < a ks . For those a ks with oj.' g = (cr")/cs we have L, cr" |= n if and only if 
Lks,a ks |= 71"/^ by the induction hypothesis and again by construction, a' ks \= F, hence L,a" |= ir 
if and only if Lk s , & ks \= F => 7Ta; S . For those ct^.' s without, by construction Lfc s , a' ks \^ F and hence 
vacuously Lk s ,a' ks \= F =>• 7r fcs . Hence Ver cr" < cr' : L,er" if and only if Vcr^s ^ a ks < a' ks : 
Lks, c ks \= F =>• 7Tfe s , which completes the given part of the proof. □ 

3.2 Its, a mapping from CTL* to ACTL* 

Let (S, — y, AP, C) be a KS. The LTS (S 1 , Acf', — is defined: 

• S= SU{s\s £ S}, 

• Act' = AfU{F}, 

• — = {(so, {}, *i) I (s , Sl ) e U {(a, {F}, s) seS}U {(a, {£(«)'}, a) \ s e S} 



lts(p) — 3(XfX p true) lts(^n) = -^lts(ir) 

lta(->4>) = ->lts((f>) Its (it A 7t') = ^s(tt) A Us(-k') 
lts(<f> A </>') = lts(4>) A Zts(0') Its(Xir) = X(3X f true A ^s(vr)) 

Zis(37r) = 3Us(tt) lts(n Uir') = (3X F true A lts(ir))U(3X F true A Z*s(7r')) 

Figure [ljb) shows the construction. 

Theorem 3.2. Let K be a KS with a a path in K and <j> a CTL* formula, then the mapping Its 
preserves truth, that is K,o~\= <f> if and only if lts(K),lts(a) |= lts(<f>). 

Proof. The proof is by induction on the length of the formula. Let if be a KS, then Ku s — lts(K). 
The proof that K,s |= p if and only if Ki ts ,s \= 3(XfX p true) is given. Suppose K,s \= p. 
By construction there are transitions (s,{F},s') and (s',uj',s) in Ku s with p G uj' , therefore 
Kus,s \= 3(XpX p true). Conversely, suppose Ki ts ,s \= 3(XpX p true). Then there must be tran- 
sitions (s,u>[,si) and (si, lj' 2 , S2) with F e wj and p € w^- By construction F e uj implies both 
oj^ = {F} and si = s', however. Similarly by construction S2 = s and since F ^ Act, it can only be 
that this part of Ki ts corresponds to the state s € K with s |= p. □ 



3.3 fes 2 , a mapping from UCTL* to CTL* 

Let (S, Act, — >,AP,C) be a KTS. The KS (5', — >',AP',C) is defined: 

• S' = SU{(s , Sl ) I (s ,si) e — >}, 

• AP' = U Act U {F}, 

• V(s ,a, si) e — >■ : (s ,(so,si)) € — >' and ((s ,si),si) € — 

• Vs e S* : £'(s) = {F} U £(«)', 

• V(s ,a,si) e — >■ : £'((s ,si)) = a 1 . 



ks 2 (p) =p 
ks 2 {^4>) = -^ks 2 (4>) 
ks 2 (<j) A (f) 1 ) = ks 2 ((f>) Afcs 2 (0') 
fcs 2 (37r) = 3&s 2 (7r) 

Figure [ijc) shows the construction. 

Theorem 3.3. Let K be a KTS with a a 
ks 2 preserves truth, that is K,a \= <f> if am 



ks 2 (^ir) = ^fcs 2 (7r) 
ks 2 (-K A 7r') = ks 2 (n) A fcs 2 (7r') 
/cs 2 (Att) = AA(fcs 2 (7r)) 
ks 2 {X a Ti) = Xa A XX(ks 2 (ir)) 
ks 2 (n Un') = (F => ks 2 (n))U(F A ks 2 (n')) 



path in K and <f> a UCTL* formula, then the mapping 
i only if ks 2 (K),ks 2 (a) \= ks 2 (4>). □ 
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3.4 lts 2 , a mapping from UCTL* to ACTL* 

Let (S, Act, — AP, C) be a KTS. The LTS (S', Act', — >') is defined: 

• S= SU{s\s £ S}, 

• Act' = Act U AP U {F}, 

• — = {(so, si) I (so, a, si) S >} U {(«, {F}, s) |se5}U {(s, {C(s)'}, s) \ s e S} 



lts 2 (p) = B(XfXptrue) Its^-iit) = ->lts 2 (Tr) 

lts 2 (^(j>) = -^lts 2 {4>) lts 2 (n A 7r') = lts 2 {i:) A lts 2 (w') 

lts 2 (4> A </>') = Zts 2 (0) A Zis 2 (</>') Us 2 (Xtt) = X(3X F true A lts 2 (ir)) 

lts 2 (3ir) = 3Us 2 (tt) lts 2 {X a ir) = X a {lts 2 {ir)) 



Us 2 (-k Utt') = (3X f true A lts 2 (ir))U (3X F true A lts 2 (n')) 



Figure [TJd) shows the construction. 



Theorem 3.4. Let K be a KTS with a a path in K and <fi a UCTL* formula, then the mapping 
lts 2 preserves truth, that is K,o~\=<f> if and only if lts 2 (K),lts 2 {o~) \= lts 2 (4>). □ 

3.5 ks', a mapping from ACTL to CTL 

The mapping of structures is identical to the ks mapping. 
ks' {true) = true 

ksf{-4) = ->ktf{4>) 

ks' {4> A (f>') = ks'{(j)) Aks{4>') 
ks'(3n) = 3ks'(n) 
fcs'(-i7r) = -^ks'(n) 
ks'{X x (j)) = X(^F A x A 3X(F A ka'(<f>))) 
ks'(cj> x U x 4') = ((F A ks'(<t>)) V (-F A x))E/(-F A 3((^F A X ')U(F A ks'(4>')))) 
ks'{^ x W x 4') = ((F A ks'{<t>)) V (-F A X ))W^F A 3((^F A X ')U(F A ks'^')))) 

Theorem 3.5. Let L be an LTS with a a path in L and 4> an ACTL formula, then the mapping 
ks' preserves truth, that is L,a \= 4> if and only if ks'(L),ks'(a) (= ks'{<j)). 

Proof. The proof is by induction on the length of the formula. Let L be an LTS with <f>, (j) ,tt, tt' 
formulae satisfied in L. Then L ks i = ks'(L), <^>& s / = ks'(<p) and so on. The proof that L, a \= 
<j>xU y <P' if and only if L ks ,,a ks , \= ((F A <j> ks ,) V (-.F A x))[/(-F A 3((-.F A X ')U{F A 0' fes ,))) is 
given. By definition, L,a \= <f> x U x '4>' if and only if 3a' > a : L, $o-' \= <fi,L,o-' T \= x',L,a' s \= 
</>',Ver ^ a" < a' : L, \= 4>,L,o-j |= x- Consider %a' . By the induction hypothesis L, sc' |= <f) 
if and only if L ks i , sinks') H 4>ks' and by construction sinks') H F, therefore L, s</ \= (j> if 
and only if L ks i , sinks') H F A 4> ks >. Now consider a' T and a' 5 . By construction L, a'-j |= X ' 
if and only if L ks > , (a' ks ,)s \= x' ■ Also, by the induction hypothesis L,a' s \= <fi' if and only if 
Lies', (o"s) fcs ' N 't'ks' an d by construction L ks i , (o"s)fcs' H F therefore L, \= <f>' if and only if 
Lks', (cs)fcs' h= F A (j)' ks ,. Working in L ks >, it remains to be shown that (cr' ks ,)s \= x' an d (os)fcs' h 
FA^' fe6 , if and only if s(K s /)s, K)fc s ') h ^ F A 3((-.F A x'W(F A 4>' ks ,))- From left to right we have 
K s ,)s h -F hence S («y)s>sW) h Similarly «,)s h -F A x ' and « s ,)s |= F A <f>' ks , 
hence s((Ofc a /)s 5 (^s)**') N ("'F A X J )U(F A <j>' ka ,). The result then follows. From right to left 
the argument is similar. Therefore <j' t (= \' an( i a 's \= 4 1 if an d on ly if s((°~ ks >)s,(o~' s ) ks >) \= 
^F A 3((->F A x')^(F A ^' fcs /)). Lastly consider sc" and cr'j with crfes- < cr^ s , < a' ks ,. For those cr^, 
with <j' ks i = (a") ks > we have L, s(a") \= <fi if and only if L ks i, s( cr fc S ') |= 4>ks' and by construction 
L ks ', s{&k S ') H F. Therefore L, so - " |= if and only if Lfc s <, s(cr^' s ,) |= F A <t) ks ' ■ For each of those 
a ks' without, by construction there is a unique a" with L, <j'j \= x if an d only if L ks i, sinks') H X- 
Also by construction L ks > , s(cr' ksl ) \£ F and therefore L, a'j \= x if and only if L ks > , s( cr l' S ') \= ^FA%. 
Hence Vct cr" < a' : s ct" h 0, < h X if and only if Vow ct^, < <. s , : cr^' s , |= (F A fas') V 
(->F Ax), which completes the given part of the proof. □ 
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3.6 Its', a mapping from CTL to ACTL 

The mapping of structures is identical to the Its mapping. 



lts'(p) = 3X F (3X p true) lts'(->n) = ->lts'(n) 

Its? {-><!>) = -itsf{<j>) lts'(X4>) = X(lts'{(f>)) 

Its' (el) A </>') = lts'{4>) A lts'(4>') lts'{(f> U<f>') = (BXftrue A Its' '{<j)))V \3X f true A Us' {<)>')) 

Us'{3tt) = Bits' (n) lts'{<p W<j>') = (3X F true A lts'{(j)))W{3X F true A Us' {<)>')) 

Theorem 3.6. Let K be a KS with a a path in K and <f) a CTL formula, then the mapping Us' 
preserves truth, that is K,a \= <f> if and only if Us' (K) , Its' (cr) \= Us' {(f)). □ 



3.7 ks' 2 , a mapping from UCTL to CTL 

The mapping of structures is identical to the ks 2 mapping. 

ks 2(p) =P 

ks' 2 (-<4>) — ->ks' 2 ((j)) 
ks' 2 {4> A <j>') = ks' 2 (4>) A ks 2 (<f>') 
ks' 2 {3Tr) = 3ks' 2 {ir) 
ks' 2 (^ir) = -iks' 2 (Tr) 
ks' 2 (X x 4>) = X(^F A x A BX(F A fcs' 2 (<£')) 
ks' 2 (<t> x U x ,ct>') = ((F A ks' 2 (cf>)) V (-F A X )WhF A 3(H= A X ')U(F A ks' 2 {cj>')))) 
ks' 2 (<\> x W x 4') = ((F A ks' 2 {<j>)) V (-F A x))W{^F A 3((^F A X ')U(F A ks' 2 {<j>')))) 

Theorem 3.7. Let K be a KTS with a a path in K and <f> a UCTL formula, then the mapping 
ks' 2 preserves truth, that is K,a \= <j> if and only if ks' 2 {K), ks' 2 {o~) \= ks' 2 ((ft). □ 



3.8 lts' 2 , a mapping from UCTL to ACTL 

The mapping of structures is identical to the lts' 2 mapping. 

lts' 2 (p) = 3X F (3X p true) 
lts' 2 (->(t>) = -^lts' 2 {4>) 
lts' 2 (4> A 4>') = lts' 2 (4>) A Us' 2 ((f>') 
lts' 2 (3ir) = 3lts' 2 (Ti) 
Us' 2 (^tt) = -^Us' 2 (it) 
lts' 2 (X x ir) = X x (3X f true A lts' 2 (ir)) 
lts' 2 ((j) x U xl <j)') = (3X F true A Us' 2 {<j))) x U x ,{3X ¥ true A lts' 2 ((j>')) 
lts' 2 {4> x W x ,4>') = (3X F true A Us' 2 (<f>)) x W x ,(3X ¥ true A lts' 2 ((f>')) 

Theorem 3.8. Let K be a KTS with a a path in K and (f> a UCTL formula, then the mapping 
lts' 2 preserves truth, that is K,a |= <f> if and only if Us' 2 (K) , lts' 2 (a) \= lts' 2 (0) . □ 
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4 Definitions for 3-valued logics 



We define a variant of Kripke modal transition systems with must and may transitions replaced 
by modifiers on the actions, some common concepts, and then the syntax and semantics of the 
logic UPML. Note that in the definitions which follow we again limit the number of transitions 
between any two states in any one direction to at most one. 

Definition 4.1. For a set of actions Act, a set of modified actions ActM is defined as Actm C 
Actx {!, ?}. We write the elements of Act m in shorthand notation, for example (a, !) becomes a! and 
so on. For any set ActM we place restrictions on the elements, namely a! £ Actu a? ^ ActM 
or, equivalently, a? G ActM ^b!^ ActM- 

Definition 4.2. A Kripke modal transition system or KMTS is a tuple (S,ActM, — >,AP,C) 
where: 

• S is a set of states ranged over by s,So,Sx, 

• ActM is set of modified actions ranged over by a?, a! with a,ao,ai, ... ranging over 2 Ac±M , 

• — > C S X S is the transition relation with (so, s\) € — >, 

• AP is a set of atomic propositions ranged over by p, 

• C: S x AP — >{true, _L, false} is an interpretation function that associates a value of true, 
false or _L, meaning unknown, with each p S AP for each s S S, 

• For any two transitions, (s , c*o. Si), (sq, aj., Si) G — > => a = a.\. 

We overload £ and define, for each s G S, the function C(s) : AP — >{true, _L, false} where 
C(s)(p) = £(s,p). We also define, for a G 2 ActM and cj G {£(s) I s G <5}, the transformations 
a' = {a H> true | a! G a} U {a H> _L | a? G a} U {a H> /aZse a! ^ a A a? ^ a} and a/ = {p! | p h-> 
true G w} U {p? | p H> 1 £ w}. 

Paths and their related definitions are defined in an entirely analogous fashion to those for 
2- valued structures. 

To interpret propositional operators we use Kleene's strong 3-valued propositional logic [H]. 
Negation maps true to false, false to true and _L to _L. The 3-valued truth table for conjunction 
and disjunction, the latter derived from the former by way of De Morgan's law x V y = -^(^x A ->y) , 
is given below. 

xyxAyx\/y xyxAyxVy xyxAyx\/y 



f f 


f f 


1- f 


f 


1 


t f 


f 


t 




f -L 


_L _L 


1 




t _L 


1 


t 


f t 


f t 


_L t 


1 


t 


t t 


t 


t 



The logic UPML is introduced, which has the characteristics of both 3-valued PML [T] and 3- valued 
PML Act . 

Definition 4.3. The syntax the logic UPML is: 

0::=p|-^|^A0'|AX0| AX a <p 

Definition 4.4. The semantics of UPML are defined over Kripke modal transition sytems, KMTS. 
Specifically: 

[S \= ^] = -n [S \= 0] 

[a |= <f> A 4>'] - [a (= 0] A [a |= 0'] 

{irue V(s,_, s') : [a' |= </>] = true 
/a/se3(s,_,s') : [s' (= 0] = /aZse 
_L otherwise 

{true V(s, a, s') : (a! G a V a? G a) ^> [s' \= <p] = true 
false 3(s, a, s') : a! G a A [s' |= tf>] = false 

_L otherwise 
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Here the underscore character _ stands for any set of modified actions. The operators EX and 
EX a can be derived in the usual manner. We give the semantics of the latter by way of an example, 
however: 



Modifying actions with the ! and ? modifiers is equivalent to their transitions being must and may 
transitions, respectively. Note that this definition is a departure from convention [5J |7] and that 
the correspondence is not quite straightforward, since all must transitions are also may transitions 
whereas actions are modified with only one of the ! and ? modifiers, not both. The correspondence 
is effectively a bijection, however, in terms of the above definitions. In the definitions of [s |= AX a cj>] 
and [s \= EX a (j>], for example, we see the term (a! G a V a? G a) rather than just a! G a, making 
them entirely consistent with those of [7j. 

Finally, we note that the AX a operator defined here has a different quality to the composite 
VX a operator defined in the 2- valued case. This has nothing to do with the 3- valued nature of the 
these logics nor the presence of ! and ? modifiers on the actions. Specifically, in the case of 2-valued 
logics, the X a <p operator is satisfied by a path that is both labelled by an action a and who's next 
state satisfies <f). Addition of the V operator then ensures that all paths from a given state satisfy 
this condition. In the case of 3-valued logics, however, leaving aside the 3-valued nature of the 
logics and the modified actions, which do not affect the argument, the AX a operator is satisfied 
when all paths from a state satisfy the condition that labelling by an action a implies that the 
next state satisfies <f>. 

5 Conclusions 

We have defined the logic UCTL* over modified Kripke transition systems. Given recent develop- 
ments [HE], we claim this step is a worthwhile one. We have also modified Kripke modal transition 
systems in similar fashion and defined a logic, UPML, over these systems. We have defined map- 
pings between the various logics in the 2-valued case that preserve truth but have shied away from 
such an approach in the 3-valued case. As reported in [3], the results of [2] led to practial gains 
in model checking at the time but with the plethora of model checkers around today it seems un- 
likely that similar results for 3-valued logics will have any impact. The results of [B] are not quite 
complete, their Kripke modal transition systems do not carry actions on their transitions, but a 
full investigation of the 3-valued case is likely to have only theoretical interest and is therefore left 
for future work. 

5.1 Acknowledgements 

My sincere thanks to Ian Hodkinson for his many helpful comments and corrections. 




true 3(s, a, s') : a! G a A [s' |= 0] = true 

false V(s, a, s') : (a! G a V a? G a) =>- [s' |= 4>] — false 



_L otherwise 
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